As part of authentication, we use a iterating action listener to perform asynchronous authentication against the realm
chain. When this listener is called with a response or a failure, it could be called from a thread that is not owned by
the Elasticsearch threadpool such as a LDAPConnectionReader thread. When this happens, we need to ensure that the
ThreadContext is not left with items in it otherwise we leave behind things like Authentication and hit obscure errors.
This commit stores the context when the listener calls the consumer or onResponse/onFailure is invoked, which prevents
us from polluting a external thread's ThreadContext.
Original commit: elastic/x-pack-elasticsearch@0f50fb6c10
Some json builders in the codebase were not closed. even
though this is not needed for the BytesStreamOutput being used,
there is more closing logic in the jackson classes, which we
should not rely on, that those never change or are ok to not
close.
Original commit: elastic/x-pack-elasticsearch@05a43d80ff
This is the Elastic convention, and also makes it clearer where the
actual log message from the C++ starts
Original commit: elastic/x-pack-elasticsearch@dc9aeefb08
* Tribe node security tests with external clusters
This PR adds a qa module for security tests with tribe node
using external clusters. Existing SecurityTribeIT tests
have been ported to use external clusters with tribe setup
as a first step.
Currently the ports to the external clusters are passed to the
integration tests through system properties and external clusters
are built on test setup (the code for building external clusters is
copied from ESIntegTestCase). This is a WIP as we need a
more generic way to facilitate testing tribe setup with external
clusters. thoughts welcome.
* incorporate feedback
* update to master
Original commit: elastic/x-pack-elasticsearch@686887ca91
in case of tribe node client do not even bother to check for native process version, because it isn't running.
Original commit: elastic/x-pack-elasticsearch@e6fdd5e82a
[ML] * Add MachineLearningTemplateRegistry class
[ML] * Add blocking method to put templates required by tests
[ML] * Add version check for templates
[ML] * Review comments
Original commit: elastic/x-pack-elasticsearch@07d315e56d
This norelease can be removed, because we no longer create indices automatically when missing, but use index templates.
Original commit: elastic/x-pack-elasticsearch@b6880ce7b7
Also included assignment explanation to both job and datafeed stats apis and
included executor node to datafeed stats api
Original commit: elastic/x-pack-elasticsearch@783bc77ef6
When the datafeed indexes are concrete indexes, the search
will throw IndexNotFoundException, thus a notification is being
generated. However, when the indexes are patterns, the search
does not fail.
This commit adds a warning when a lookback-only datafeed
retrieves no data as it is certain that the user misconfigured
something and it's useful to make him aware of it.
Original commit: elastic/x-pack-elasticsearch@e3490ea978
If any format other than json is sent, it should get converted to json, as watcher works under the assumption that the script is a template, hence json.
Original commit: elastic/x-pack-elasticsearch@554bcd306b
Fixeselastic/prelert-legacy#803
On Windows the JVM hangs during shutdown if the native controller process
is still running. A thread dump suggests this is because of a finalizer being
blocked. We can avoid the problem by explicitly telling the controller to exit
when the node is stopped. Although the hang is Windows-specific, it doesn't
hurt to do this on *nix too.
Original commit: elastic/x-pack-elasticsearch@6fa1c2b966
Eclipse errors because the direct supperclass of the two listeners is package private and it doesn’t have the smarts to look higher in the heirarchy. So we need to add a cast hint to force Eclipse to consider the elements as Listeners
This fix was mistakenly removed in another commit
Original commit: elastic/x-pack-elasticsearch@6305456d5a
Adds a preview end-point: `/_xpack/ml/datafeeds/{datafeed_id}/_preview`
The endpoint returns an array with the JSON records that will reach
writer to the c++ process. Thus, the preview can be used to verify
that a datafeed is configured correctly with regard to itself and
its corresponding job.
Original commit: elastic/x-pack-elasticsearch@1e0e9c906d
* [ML] Index template for notifications, meta and state indices
* Add ignore_unavailable option to searches so missing indices don’t throw errors
* Test for job existence before returning results
* Template mapping for results indices
* Fix tests
* Reinstate merge conflict dropped code
* Fix and tidy up JobProviderTests
Tests had badly named & duplicated tests
* Don’t check if the job indices already exist when allocating
Indices are created on demand from templates
* No need to create indices in initialisation service
Using templates now
* Remove unused code and add comment
Original commit: elastic/x-pack-elasticsearch@1ba115d4fc
Eclipse errors because the direct supperclass of the two listeners is package private and it doesn’t have the smarts to look higher in the heirarchy. So we need to add a cast hint to force Eclipse to consider the elements as Listeners
Original commit: elastic/x-pack-elasticsearch@a7aff45571
Refactors xcontent serialization of Request and Status to use their writable names instead of action name. That simplifies the parsing logic, allows reuse of the same status object for multiple actions and is consistent with how named objects in xcontent are used.
Original commit: elastic/x-pack-elasticsearch@3d059ea952
The DnRoleMapper was changed when moving to asynchronous authentication, which introduced a regression that leads to a
NPE being thrown on file refresh. The cause is the addition of a null listener from the LdapRealm upon construction.
This change removes the listener constructor argument as it was always null or a empty runnable and adds a check in the
addListener method to ensure the listener is not null. Finally, the DnRoleMapperTests had a bug where the temporary
filenames did not have the correct suffix and tests were not actually testing what was intended.
relates elastic/x-pack-elasticsearch#608
Original commit: elastic/x-pack-elasticsearch@f47f258590
Currently, both the NativeUsersStore and NativeRolesStore can undergo
multiple state transitions. This is done primarily to check if the
security index is usable before it proceeds. However, such checks are
only needed for the tests, because if the security index is unavailable
when it is needed, the downstream actions invoked by the
NativeUsersStore and NativeRolesStore will throw the appropriate
exceptions notifying of that condition. In addition, both the
NativeUsersStore and NativeRolesStore had much duplicate code that
listened for cluster state changes and made the exact same state
transitions.
This commit removes the complicated state transitions in both classes
and enables both classes to use the SecurityTemplateService to monitor
all of the security index lifecycle changes they need to be aware of.
This commit also moves the logic for determining if the security index
needs template and/or mapping updates to the SecurityLifecycleService,
and makes the NativeRealmMigrator solely responsible for applying the
updates.
Original commit: elastic/x-pack-elasticsearch@b31d144597
In rare cases, the CertificateToolTests#testPromptingForInstanceInformation could try to use the same name multiple
times. This causes the test to fail with a message for an unknown prompt. This commit ensures no duplicates are added.
relates elastic/x-pack-elasticsearch#597
Original commit: elastic/x-pack-elasticsearch@ab8bb7ad50
This commit allows persistent actions to indicate why a task was or wasn't assigned to a certain node.
Original commit: elastic/x-pack-elasticsearch@cdacf9b10f
Changed `ProblemTracker#updateEmptyDataCount(boolean)` into `ProblemTracker#reportEmptyDataCount()`.
and added `ProblemTracker#reportNoneEmptyCount()` to reset the empty count counter.
Original commit: elastic/x-pack-elasticsearch@c1a44d6fd3
This allows it to be disabled/enabled via job updates.
It also simplifies it by removing bounds_percentile as it currently
rarely makes sense to set the bounds to another value than 95.0.
Original commit: elastic/x-pack-elasticsearch@c27fce2d86
This PR introduces a service component that is scheduled to run
once per day, around 30 minutes past midnight, local time.
Listeners can be subscribed to the service in order to get notified
when the next service trigger occurs so that they can execute
management tasks.
Currently, there are 2 such listeners: one is performing removal
of results and the other of model snapshots that have expired
their retention period.
Finally, note that the service is only installed on the master
node to ensure there is only one running on the cluster.
Original commit: elastic/x-pack-elasticsearch@c8edb6016a
Jay Modi
Martijn van Groningen
Alexander Reelsen
David Kyle
David Roberts
Igor Motov
Areek Zillur
Dimitris Athanasiou
javanna
Colin Goodheart-Smithe
Ali Beyad
jaymode